Overview ¶
Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
This product includes software developed at Datadog (https://www.datadoghq.com). Copyright 2024 Datadog, Inc.
Package scan implements functions and helpers to ensure the proper scan of the specified files.
Types ¶
type Client ¶
// Client bundles what one scan run works with: its parameters, start time,
// tracker, in-memory storage, printer and feature-flag evaluator.
type Client struct {
// ScanParams points at the Parameters this client was built with.
ScanParams *Parameters
// ScanStartTime — presumably the instant the scan began; confirm where it is set.
ScanStartTime time.Time
Tracker *tracker.CITracker
// Storage is a *storage.MemoryStorage. NOTE(review): what it stores and for
// how long is not visible here; if it holds scanned file content, that
// content may include secrets — confirm before exposing or dumping it.
Storage *storage.MemoryStorage
// ExcludeResultsMap — NOTE(review): by name, a set of results to leave out of
// the output. Suppressed findings are invisible to report consumers, so
// confirm how the keys are computed and who is allowed to supply them.
ExcludeResultsMap map[string]bool
Printer *consolePrinter.Printer
FlagEvaluator featureflags.FlagEvaluator
}
Client represents a scan client
func NewClient ¶
func NewClient(ctx context.Context, params *Parameters, customPrint *consolePrinter.Printer) (*Client, error)
NewClient initializes the client with all the required parameters
func (*Client) GetQueryPath ¶
GetQueryPath gets all the query paths
func (*Client) PerformScan ¶
func (c *Client) PerformScan(ctx context.Context) (ScanMetadata, error)
PerformScan executes executeScan and postScan
type Parameters ¶
// Parameters groups every option a scan can be run with.
// NOTE(review): several fields, judging by their names, narrow what gets
// scanned (exclusions, size and time limits, disabled secrets detection). When
// a report is used as a security gate, record the effective values alongside
// it so that reduced coverage is not mistaken for a clean result.
type Parameters struct {
CloudProvider []string
ExperimentalQueries bool
InputData string
OutputName string
OutputPath string
RepoPath string
// Path — presumably the files or directories to scan; confirm against the caller.
Path []string
PayloadPath string
PreviewLines int
// QueriesPath and LibrariesPath — presumably where queries and their
// supporting libraries are loaded from. NOTE(review): whatever is loaded from
// these locations decides what the scan checks, so they should be trusted and
// integrity-controlled — confirm how they are validated.
QueriesPath []string
LibrariesPath string
ReportFormats []string
Platform []string
// ExcludePlatform — by name, platforms left out of the scan; confirm.
ExcludePlatform []string
TerraformVarsPath string
// QueryExecTimeout — presumably a per-query execution limit; the unit is not
// visible here. TODO confirm.
QueryExecTimeout int
LineInfoPayload bool
// DisableSecrets — by name, turns secrets detection off. NOTE(review): a
// report produced with this set says nothing about secrets; confirm.
DisableSecrets bool
// SecretsRegexesPath — presumably a file of secret-detection patterns; confirm
// the expected format and whether it replaces or extends the defaults.
SecretsRegexesPath string
// ChangedDefaultQueryPath and ChangedDefaultLibrariesPath — presumably record
// that the defaults for QueriesPath / LibrariesPath were overridden; confirm.
ChangedDefaultQueryPath bool
ChangedDefaultLibrariesPath bool
ScanID string
BillOfMaterials bool
// ExcludeGitIgnore — by name, relates to .gitignore handling; which value
// skips ignored files is not visible here. TODO confirm.
ExcludeGitIgnore bool
OpenAPIResolveReferences bool
ParallelScanFlag int
// MaxFileSizeFlag — presumably a size limit above which files are not scanned;
// the unit is not visible here. TODO confirm.
MaxFileSizeFlag int
UseOldSeverities bool
// MaxResolverDepth — presumably bounds how deep references are resolved; confirm.
MaxResolverDepth int
KicsComputeNewSimID bool
// PreAnalysisExcludePaths — by name, paths dropped before analysis starts; confirm.
PreAnalysisExcludePaths []string
SCIInfo model.SCIInfo
FlagEvaluator featureflags.FlagEvaluator
Config config.IacConfig
// DownloadQueriesFromDatadog — by name, fetches queries remotely rather than
// reading local ones. NOTE(review): confirm how the downloaded queries are
// authenticated and what happens when the download fails.
DownloadQueriesFromDatadog bool
}
Parameters represents all available scan parameters
func GetDefaultParameters ¶
type Results ¶
// Results is the output of a single scan: the vulnerabilities found, the
// extracted paths, metadata for the files involved, and the queries that failed.
type Results struct {
// Results lists the findings as model.Vulnerability values.
Results []model.Vulnerability
ExtractedPaths provider.ExtractedPath
Files model.FileMetadatas
// FailedQueries maps a string key to the error a query produced — presumably
// keyed by query name or ID; confirm. NOTE(review): a non-empty map likely
// means some checks did not run, so an empty Results slice alone should not
// be treated as a clean scan.
FailedQueries map[string]error
}
Results represents a result generated by a single scan
type RuleStats ¶
// RuleStats holds per-rule statistics for an analysis: which rules timed out
// and which rules were the costliest.
type RuleStats struct {
// TimedOut contains a list of rules that timed out.
// NOTE(review): a rule that timed out presumably reported nothing or only
// part of its findings; consumers gating on the report should check this
// list — confirm what a timed-out rule emits.
TimedOut []string
// MostExpensiveRule contains the rule that spent the most time executing during the analysis.
MostExpensiveRule RuleTiming
// SlowestRule contains the rule that spent the most time executing per file.
SlowestRule RuleTiming
}
type RuleTiming ¶
type ScanMetadata ¶
// ScanMetadata describes one analysis run: when it started and ended, the
// environment it ran in, and its statistics. It is the value returned by
// Client.PerformScan.
type ScanMetadata struct {
// StartTime contains the instant in which the analysis started.
StartTime time.Time
// EndTime contains the instant in which the analysis ended.
EndTime time.Time
// DiffAware contains whether the analyzer could use Diff-Aware scanning.
// NOTE(review): when true, the run presumably covered only changed files, so
// Stats would describe that subset rather than the whole repository — confirm.
DiffAware bool
// CoresAvailable contains the number of cores that were available to the analyzer.
CoresAvailable int
// Stats contains statistics about the analysis.
Stats ScanStats
// RuleStats contains statistics about rules.
RuleStats RuleStats
}
type ScanStats ¶
// ScanStats holds the counters of one analysis: violations, files, rules and
// resources, plus the time the analysis took.
type ScanStats struct {
// Violations contains the number of violations that were found.
Violations int
// Files contains the number of files that were analyzed.
Files int
// Rules contains the number of rules that were evaluated.
Rules int
// Duration contains the time it took to complete the analysis.
Duration time.Duration
// ViolationBreakdowns contains a breakdown of the violations by severity.
// NOTE(review): the map is nested (string -> string -> int); which level is
// the severity and what the other key means is not visible here — confirm.
ViolationBreakdowns map[string]map[string]int
// ResourcesScanned contains the number of resources that were analyzed.
ResourcesScanned int
}